Lucene search
K

2876 matches found

OSV
OSV
added 2021/07/26 5:15 p.m.33 views

CVE-2021-32791

modauthopenidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In modauthopenidc before version 2.4.9, the AES GCM encryption in modauthopenidc uses a static IV and...

5.9CVSS6.6AI score
Exploits0References7
Debian CVE
Debian CVE
added 2021/07/26 12:0 a.m.44 views

CVE-2021-32791

modauthopenidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In modauthopenidc before version 2.4.9, the AES GCM encryption in modauthopenidc uses a static IV and...

5.9CVSS6.1AI score0.01503EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2021/07/20 12:0 a.m.6 views

The vulnerability of the EVP_CipherUpdate, EVP_EncryptUpdate, and EVP_DecryptUpdate functions in the OpenSSL library for TLS and SSL protocols, related to integer overflow, allows attackers to cause service interruptions.

The vulnerability of the EVPCipherUpdate, EVPEncryptUpdate, and EVPDecryptUpdate functions in the OpenSSL library for TLS and SSL protocols is related to a numerical overflow condition. Exploiting this vulnerability can allow a remote attacker to cause a service failure...

7.5CVSS6.6AI score0.50732EPSS
Exploits0References20Affected Software8
OSV
OSV
added 2021/07/15 2:15 p.m.3 views

CVE-2021-34687

iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A man in the middle can recover a system's Personal Key when a client attempts to make a LAN connection. The Personal Key is transmitted over the network while only being encrypted via a substitution cipher...

5.3CVSS5.8AI score0.00231EPSS
Exploits0References2
NVD
NVD
added 2021/07/15 2:15 p.m.14 views

CVE-2021-34687

iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A man in the middle can recover a system's Personal Key when a client attempts to make a LAN connection. The Personal Key is transmitted over the network while only being encrypted via a substitution cipher...

5.3CVSS0.00231EPSS
Exploits0References2
CVE
CVE
added 2021/07/15 1:17 p.m.49 views

CVE-2021-34687

CVE-2021-34687 affects iDrive RemotePC on Windows prior to 7.6.48. The vulnerability enables information disclosure where a man-in-the-middle can recover the system Personal Key during a LAN connection, because the key is transmitted over the network with only a substitution cipher for encryption.

5.3CVSS4.9AI score0.00231EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/07/15 1:17 p.m.16 views

CVE-2021-34687

iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A man in the middle can recover a system's Personal Key when a client attempts to make a LAN connection. The Personal Key is transmitted over the network while only being encrypted via a substitution cipher...

5.2AI score0.00231EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2021/07/14 12:0 a.m.191 views

FreeBSD : go -- crypto/tls: clients can panic when provided a certificate of the wrong type for the negotiated parameters (c365536d-e3cf-11eb-9d8d-b37b683944c2)

The Go project reports : crypto/tls clients can panic when provided a certificate of the wrong type for the negotiated parameters. net/http clients performing HTTPS requests are also affected. The panic can be triggered by an attacker in a privileged network position without access to the server...

6.5CVSS6.8AI score0.07032EPSS
Exploits1References3
GithubExploit
GithubExploit
added 2021/07/13 6:15 a.m.1170 views

Exploit for Improper Certificate Validation in Golang Go

POC for CVE-2021-34558 bash Run the malicious TLS server...

6.5CVSS6.6AI score0.07032EPSS
Exploits1
OpenVAS
OpenVAS
added 2021/07/13 12:0 a.m.20 views

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2021-2206)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.3CVSS5.5AI score0.04385EPSS
Exploits2References2
IBM Security Bulletins
IBM Security Bulletins
added 2021/07/08 9:30 p.m.42 views

Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM InfoSphere Optim Performance Manager (CVE-2015-4000)

Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects IBM InfoSphere Optim Performance Manager Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the...

4.3CVSS4.5AI score0.9986EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/07/08 9:30 p.m.46 views

Security Bulletin: Vulnerability in RC4 stream cipher affects IBM InfoSphere Optim Performance Manager (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM InfoSphere Optim Performance Manager. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker...

5CVSS4.6AI score0.74006EPSS
Exploits0Affected Software1
FreeBSD
FreeBSD
added 2021/07/07 12:0 a.m.36 views

go -- crypto/tls: clients can panic when provided a certificate of the wrong type for the negotiated parameters

The Go project reports: crypto/tls clients can panic when provided a certificate of the wrong type for the negotiated parameters. net/http clients performing HTTPS requests are also affected. The panic can be triggered by an attacker in a privileged network position without access to the server...

6.5CVSS2.4AI score0.07032EPSS
Exploits1References1
IBM Security Bulletins
IBM Security Bulletins
added 2021/06/25 4:46 p.m.52 views

Security Bulletin: A Vulnerability in OpenSSH and Multiple Vulnerabilities in OpenSSL affect IBM GPFS V3.5 for Windows

Summary OpenSSH could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by improper validation of user-supplied X11 authentication credentials by the sshd server. OpenSSL vulnerabilities were disclosed on May 3, 2016 by the OpenSSL Project. OpenSSL is used ...

8.2CVSS1AI score0.89058EPSS
Exploits19Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/06/25 4:46 p.m.57 views

Security Bulletin: Vulnerability in RC4 stream cipher affects GPFS V3.5 for Windows (CVE-2015-2808) / Enabling weak cipher suites for IBM General Parallel File System is NOT recommended

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects OpenSSH for GPFS V3.5 for Windows. Additionally, with the recent attention to RC4 “Bar Mitzvah” Attack for SSL/TLS, this is a reminder to NOT enable weak or export-level cipher suites for IBM General Parallel File System GPFS. Vulnerability...

5CVSS4.9AI score0.74006EPSS
Exploits0Affected Software1
Microsoft CVE
Microsoft CVE
added 2021/06/23 7:0 a.m.6 views

curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library which has the surprising side-effect that if an application sets up multiple concurrent transfers the last one that sets the ciphers will accidentally control the set used by all transfers. In a worst-case scenario this weakens transport security significantly.

...

5.3CVSS5.5AI score0.02979EPSS
Exploits1
OpenVAS
OpenVAS
added 2021/06/17 12:0 a.m.7 views

Huawei Data Communication: SSL is configured with an insecure algorithm

If the cipher-suite-list command contains insecure algorithms, the service that references this rule has security risks. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

7.5AI score
Exploits0
Veracode
Veracode
added 2021/06/14 7:53 a.m.32 views

Insecure TLS Configuration

libcurl.so uses an insecure TLS configuration. The selected cipher set was stored in a single "static" variable in the library, and due to an error in code, the last cipher that is set would control the set used by all transfers...

5.3CVSS2.9AI score0.02979EPSS
Exploits1References8Affected Software1
OSV
OSV
added 2021/06/12 11:2 a.m.3 views

OESA-2021-1216 curl security update

cURL is a computer software project providing a library libcurl and command-line tool curl for transferring data using various protocols. Security Fixes: curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPTSSLCIPHERLIST when...

5.3CVSS8.5AI score0.04385EPSS
Exploits2References3
OSV
OSV
added 2021/06/11 4:15 p.m.9 views

AZL-6358 CVE-2021-22897 affecting package curl for versions less than 7.76.0-5

curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPTSSLCIPHERLIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising...

5.3CVSS6.6AI score0.02979EPSS
Exploits1References1
Rows per page
Query Builder